From a6b777c3018a1f050849709965178b76e2bf74c4 Mon Sep 17 00:00:00 2001
From: EHerzog76
Date: Fri, 6 Dec 2024 16:14:25 +0100
Subject: [PATCH 01/30] Update Dockerfile
Changes for better compatibilty with Kubernetes and OKD/OpenShift
---
 Dockerfile | 12 ++++++++----
 1 file changed, 8 insertions(+), 4 deletions(-)
diff --git a/Dockerfile b/Dockerfile
index defe028..252faf6 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -29,7 +29,7 @@ RUN \
 apk add --no-cache --virtual=build-dependencies \
 npm && \
 groupmod -g 1000 users && \
-useradd -u 911 -U -d /config -s /bin/false nbxyz && \
+useradd -u 1011 -U -d /config -s /bin/false nbxyz && \
 usermod -G users nbxyz && \
 mkdir /app \
 /config \
@@ -44,7 +44,9 @@ RUN \
 /app/ --strip-components=1 && \
 npm install --prefix /app && \
 apk del --purge build-dependencies && \
-rm -rf /tmp/*
+rm -rf /tmp/* && \
+chown -R nbxyz:nbxyz /var/lib/nginx && \
+chown -R nbxyz:nbxyz /var/log/nginx
 ENV TFTPD_OPTS=''
 ENV NGINX_PORT='80'
@@ -56,5 +58,7 @@ EXPOSE 3000
 COPY root/ /
-# default command
-CMD ["sh","/start.sh"]
+# ENTRYPOINT is not overwriteable
+ENTRYPOINT ["sh", "/start.sh"]
+# default command can be replaced in container-start
+#CMD ["sh","/start.sh"]
From 3a9f419fbe005b151108710ef07f4d757cc53883 Mon Sep 17 00:00:00 2001
From: EHerzog76
Date: Fri, 6 Dec 2024 16:16:51 +0100
Subject: [PATCH 02/30] Update init.sh
Changes for better compatibilty with Kubernetes and OKD/OpenShift
---
 root/init.sh | 11 +++++++----
 1 file changed, 7 insertions(+), 4 deletions(-)
diff --git a/root/init.sh b/root/init.sh
index 2eec0d7..97dbd9e 100755
--- a/root/init.sh
+++ b/root/init.sh
@@ -6,8 +6,11 @@ mkdir -p \
 /config/nginx/site-confs \
 /config/log/nginx \
 /run \
-/var/lib/nginx/tmp/client_body \
-/var/tmp/nginx
+/config/tmp/nginx/client-body \
+/config/tmp/nginx/proxy \
+/config/tmp/nginx/fastcgi \
+/config/tmp/nginx/uwsgi \
+/config/tmp/nginx/scgi
 # copy config files
 [[ ! -f /config/nginx/nginx.conf ]] && \
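Review bot: The comment `# ENTRYPOINT is not overwriteable` in the last hunk is misleading: `docker run --entrypoint` and a Kubernetes `command:` replace an ENTRYPOINT just as easily as a CMD, and because no CMD remains, any `args:` handed to the container are appended to /start.sh as positional arguments instead of replacing it. I would reword it to `# ENTRYPOINT fixes /start.sh as the process; CMD or Kubernetes args are appended as its arguments` so nobody treats it as a control. The new `chown -R` lines in the second hunk run at image build time, which covers /var/lib/nginx and /var/log/nginx but nothing created later under /config, which the Deployment added in patch 06/30 mounts from a PVC.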
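Review bot: The five new /config/tmp/nginx/* directories in init.sh are created by root at container start, but nothing in this hunk hands them to nbxyz, and the next hunk of the same patch comments out the only chown that used to cover nginx's temp area; if /config is not chowned elsewhere in init.sh (outside these hunks), nginx workers running as `user nbxyz;` cannot write request bodies there. I would add `chown -R nbxyz:nbxyz /config/tmp` right after this mkdir, beside the surviving `chown -R nbxyz:nbxyz /assets`. `/run` is still in the mkdir list, while the Deployment later in the series sets `readOnlyRootFilesystem: true` and mounts only /config, /assets and /tmp, so that mkdir will fail there unless /run already exists in the image.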
@@ -17,8 +20,8 @@ mkdir -p \
 # Ownership
 chown -R nbxyz:nbxyz /assets
-chown -R nbxyz:nbxyz /var/lib/nginx
-chown -R nbxyz:nbxyz /var/log/nginx
+#chown -R nbxyz:nbxyz /var/lib/nginx
+#chown -R nbxyz:nbxyz /var/log/nginx
 # create local logs dir
 mkdir -p \
From a71cffc531e8d856b4de26ce89740ea8b68b3f8e Mon Sep 17 00:00:00 2001
From: EHerzog76
Date: Fri, 6 Dec 2024 16:20:31 +0100
Subject: [PATCH 03/30] Update supervisor.conf
Changes for nginx and dnsmasq => all writeable files are now in locations, where they have read/write permissions.
---
 root/etc/supervisor.conf | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/root/etc/supervisor.conf b/root/etc/supervisor.conf
index 142e043..e7d26a6 100644
--- a/root/etc/supervisor.conf
+++ b/root/etc/supervisor.conf
@@ -9,7 +9,7 @@ stdout_capture_maxbytes=1MB
 priority = 1
 [program:nginx]
-command = /usr/sbin/nginx -c /config/nginx/nginx.conf
+command = /usr/sbin/nginx -c /config/nginx/nginx.conf -e /config/log/nginx/error.log
 startretries = 2
 daemon=off
 priority = 2
@@ -22,7 +22,7 @@ directory=/app
 priority = 3
 [program:dnsmasq]
-command=/usr/sbin/dnsmasq --port=0 --keep-in-foreground --enable-tftp --user=nbxyz --tftp-secure --tftp-root=/config/menus %(ENV_TFTPD_OPTS)s
+command=/usr/sbin/dnsmasq --port=0 --keep-in-foreground --pid-file=/config/tmp/dnsmasq.pid --enable-tftp --user=nbxyz --tftp-secure --tftp-root=/config/menus %(ENV_TFTPD_OPTS)s
 stdout_logfile=/config/tftpd.log
 redirect_stderr=true
 priority = 4
From cebcccfd35055c24c002b0f4830bb1a6a0c23c80 Mon Sep 17 00:00:00 2001
From: EHerzog76
Date: Fri, 6 Dec 2024 16:22:39 +0100
Subject: [PATCH 04/30] Update nginx.conf
Changes for better compatibilty with Kubernetes and OKD/OpenShift
---
 root/defaults/nginx.conf | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)
diff --git a/root/defaults/nginx.conf b/root/defaults/nginx.conf
index ae1d6f0..4ee431e 100644
--- a/root/defaults/nginx.conf
+++ b/root/defaults/nginx.conf
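Review bot: `-e /config/log/nginx/error.log` on the nginx command line in the first supervisor.conf hunk is only understood by nginx 1.19.5 and later; on an older nginx the option is rejected and the program never reaches RUNNING, and nothing in this hunk shows which nginx the image ships, so the base image version needs checking. The same command lines are duplicated verbatim into kubernetes/pxe-bootserver-conf.yaml later in the series, and patches 17 and 18 already had to edit both copies in parallel; a comment `; keep in sync with kubernetes/pxe-bootserver-conf.yaml` above `[program:nginx]` and `[program:dnsmasq]` would make that coupling visible.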
@@ -4,7 +4,7 @@ pid /run/nginx.pid;
 include /etc/nginx/modules/*.conf;
 events {
- worker_connections 768;
+ worker_connections 1024;
 }
 http {
@@ -18,6 +18,12 @@ http {
 default_type application/octet-stream;
 access_log /config/log/nginx/access.log;
 error_log /config/log/nginx/error.log;
+ # Temporary directories for kubernetes changed to writeable folders
+ client_body_temp_path /config/tmp/nginx/client-body;
+ proxy_temp_path /config/tmp/nginx/proxy;
+ fastcgi_temp_path /config/tmp/nginx/fastcgi;
+ uwsgi_temp_path /config/tmp/nginx/uwsgi;
+ scgi_temp_path /config/tmp/nginx/scgi;
 gzip on;
 gzip_disable "msie6";
 include /config/nginx/site-confs/*;
From f6583a2d0b0cc9a944fef86db30e2e51f9f50d95 Mon Sep 17 00:00:00 2001
From: EHerzog76
Date: Fri, 6 Dec 2024 16:25:23 +0100
Subject: [PATCH 05/30] Create readme.md
---
 kubernetes/readme.md | 1 +
 1 file changed, 1 insertion(+)
 create mode 100644 kubernetes/readme.md
diff --git a/kubernetes/readme.md b/kubernetes/readme.md
new file mode 100644
index 0000000..07e7ee0
--- /dev/null
+++ b/kubernetes/readme.md
@@ -0,0 +1 @@
+# Kubernetes Deployment example
From f6525a89a582dc44d572d03a61ec65fd5ebf1e91 Mon Sep 17 00:00:00 2001
From: EHerzog76
Date: Fri, 6 Dec 2024 16:28:54 +0100
Subject: [PATCH 06/30] Create deployment.yaml
---
 kubernetes/deployment.yaml | 97 ++++++++++++++++++++++++++++++++++++++
 1 file changed, 97 insertions(+)
 create mode 100644 kubernetes/deployment.yaml
diff --git a/kubernetes/deployment.yaml b/kubernetes/deployment.yaml
new file mode 100644
index 0000000..38d5801
--- /dev/null
+++ b/kubernetes/deployment.yaml
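Review bot: The hunk header shows the default file keeps `pid /run/nginx.pid;`, while the ConfigMap copy of this file in patch 10/30 uses `pid /config/tmp/nginx.pid;`; under the Deployment's `readOnlyRootFilesystem: true` with no volume on /run the repository default cannot be used unchanged, and the two copies of nginx.conf have already started to drift. I would change the default to `pid /config/tmp/nginx.pid;` so one file serves both the Docker and the Kubernetes case; init.sh's `mkdir -p /config/tmp/nginx/...` already creates the parent. The `worker_connections 1024;` bump is unexplained in the commit; a comment such as `# raised from 768 to match the ConfigMap used for Kubernetes` would help the next reader.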
@@ -0,0 +1,97 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: pxe-bootserver-ds
+ namespace: network
+spec:
+ selector:
+ matchLabels:
+ app: pxe-bootserver
+ replicas: 1
+ strategy:
+ #This is not the default
+ type: Recreate
+ template:
+ metadata:
+ labels:
+ app: pxe-bootserver
+ spec:
+ #securityContext:
+ #runAsUser: 1001
+ #runAsGroup: 1000
+ containers:
+ - name: pxe-bootserver
+ image: ghcr.io/netbootxyz/netbootxyz
+ imagePullPolicy: IfNotPresent
+ env:
+ - name: MENU_VERSION
+ value: "2.0.47"
+ - name: NGINX_PORT
+ value: "80"
+ - name: WEB_APP_PORT
+ value: "3000"
+ ports:
+ - name: tftp
+ containerPort: 69
+ protocol: UDP
+ - name: nginx-port
+ containerPort: 80
+ - name: web-app-port
+ containerPort: 3000
+ volumeMounts:
+ - name: pxe-bootserver-conf
+ mountPath: /etc/supervisor.conf
+ subPath: supervisor.conf
+ - name: pxe-bootserver-conf
+ mountPath: /etc/nginx.conf
+ subPath: nginx.conf
+ - name: pxe-bootserver-conf
+ mountPath: /config/nginx/nginx.conf
+ subPath: nginx.conf
+ - mountPath: /config/
+ name: config-store
+ - mountPath: /assets/
+ name: data-store
+ - mountPath: /tmp/
+ name: tmp-store
+ resources:
+ limits:
+ memory: 1Gi
+ requests:
+ cpu: 100m
+ memory: 256Mi
+ securityContext:
+ allowPrivilegeEscalation: true
+ capabilities:
+ drop:
+ - ALL
+ privileged: true
+ readOnlyRootFilesystem: true
+ runAsNonRoot: false
+ dnsPolicy: ClusterFirst
+ restartPolicy: Always
+ securityContext:
+ capabilities:
+ add: ["CHOWN"]
+ seccompProfile:
+ type: RuntimeDefault
+ serviceAccount: pxebootserver-sa
+ serviceAccountName: pxebootserver-sa
+ terminationGracePeriodSeconds: 30
+ volumes:
+ - configMap:
+ name: pxe-bootserver-conf
+ items:
+ - key: supervisor.conf
+ path: supervisor.conf
+ - key: nginx.conf
+ path: nginx.conf
+ name: pxe-bootserver-conf
+ - name: config-store
+ persistentVolumeClaim:
+ claimName: pxe-bootserver-config-pvc
+ - name: data-store
+ persistentVolumeClaim:
+ claimName: pxe-bootserver-data-pvc
+ - name: 
tmp-store
+ emptyDir: {}
From c9f90ec4de156e0185fcfd0ebdc3dccc6ab53bc8 Mon Sep 17 00:00:00 2001
From: EHerzog76
Date: Fri, 6 Dec 2024 16:29:31 +0100
Subject: [PATCH 07/30] Create serviceaccount.yaml
---
 kubernetes/serviceaccount.yaml | 5 +++++
 1 file changed, 5 insertions(+)
 create mode 100644 kubernetes/serviceaccount.yaml
diff --git a/kubernetes/serviceaccount.yaml b/kubernetes/serviceaccount.yaml
new file mode 100644
index 0000000..b5f2e6b
--- /dev/null
+++ b/kubernetes/serviceaccount.yaml
@@ -0,0 +1,5 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: pxebootserver-sa
+ namespace: network
From e0426f055d18790b66b4198948f71a3929d5499b Mon Sep 17 00:00:00 2001
From: EHerzog76
Date: Fri, 6 Dec 2024 16:30:07 +0100
Subject: [PATCH 08/30] Create service.yaml
---
 kubernetes/service.yaml | 28 ++++++++++++++++++++++++++++
 1 file changed, 28 insertions(+)
 create mode 100644 kubernetes/service.yaml
diff --git a/kubernetes/service.yaml b/kubernetes/service.yaml
new file mode 100644
index 0000000..c88886a
--- /dev/null
+++ b/kubernetes/service.yaml
@@ -0,0 +1,28 @@
+apiVersion: v1
+kind: Service
+metadata:
+ labels:
+ name: svc-pxe-bootserver
+ namespace: network
+spec:
+ internalTrafficPolicy: Cluster
+ ipFamilies:
+ - IPv4
+ ipFamilyPolicy: SingleStack
+ ports:
+ - name: nginx-port
+ port: 80
+ protocol: TCP
+ targetPort: 80
+ - name: http-admin-port
+ port: 3000
+ protocol: TCP
+ targetPort: 3000
+ - name: tftp-port
+ port: 69
+ protocol: UDP
+ targetPort: 69
+ selector:
+ app: pxe-bootserver
+ sessionAffinity: ClientIP
+ type: ClusterIP
From 56646c53e353e3c7bc932b6a4b908fb47c7526f4 Mon Sep 17 00:00:00 2001
From: EHerzog76
Date: Fri, 6 Dec 2024 16:31:10 +0100
Subject: [PATCH 09/30] Create route.yaml
---
 kubernetes/route.yaml | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)
 create mode 100644 kubernetes/route.yaml
diff --git a/kubernetes/route.yaml b/kubernetes/route.yaml
new file mode 100644
index 0000000..dfa87ce
--- /dev/null
+++ b/kubernetes/route.yaml
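Review bot: `privileged: true` on the container securityContext grants every capability and host device access regardless of `drop: [ALL]` and the RuntimeDefault seccomp profile, and together with `allowPrivilegeEscalation: true` and `runAsNonRoot: false` the block is hardening in appearance only; `readOnlyRootFilesystem: true` is the one setting that still takes effect. The pod-level `securityContext.capabilities.add: ["CHOWN"]` (edited again in patch 19/30) is not a field of PodSecurityContext, so a strict `kubectl apply` rejects the manifest and a lenient one silently ignores it; capabilities are a container-level setting. As far as this series shows, the container needs to bind UDP/69 and TCP/80, run chown in init.sh and let supervisord switch programs to nbxyz, so the rewrite below drops privileged and adds only the capabilities for that; the exact list has to be confirmed by running the pod. `image: ghcr.io/netbootxyz/netbootxyz` carries no tag or digest, so every restart may pull a different image; pin it, e.g. `image: ghcr.io/netbootxyz/netbootxyz:<TAG>` or `@sha256:<DIGEST>`. `serviceAccount` is the deprecated alias of `serviceAccountName`; one of the two lines suffices.
```yaml
        # … unchanged: resources …
        securityContext:
          allowPrivilegeEscalation: false
          privileged: false
          readOnlyRootFilesystem: true
          capabilities:
            drop:
              - ALL
            add:   # minimal set as far as this series shows; confirm by testing
              - CHOWN
              - DAC_OVERRIDE
              - NET_BIND_SERVICE
              - SETGID
              - SETUID
          # … unchanged: runAsNonRoot (supervisord itself stays root) …
      # … unchanged: dnsPolicy, restartPolicy …
      securityContext:
        seccompProfile:
          type: RuntimeDefault
      # … unchanged: serviceAccountName, terminationGracePeriodSeconds, volumes …
```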
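Review bot: The ServiceAccount is created with the default `automountServiceAccountToken`, so the Deployment of patch 06/30 that references it mounts an API token into a container that also runs `privileged: true` and serves a web app on port 3000; nothing in this series shows the pod calling the Kubernetes API. I would add `automountServiceAccountToken: false` at the top level of this manifest (or on the pod spec) so that a compromise of the web app or nginx does not also yield a cluster credential.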
@@ -0,0 +1,16 @@
+apiVersion: route.openshift.io/v1
+kind: Route
+metadata:
+ name: pxe-bootserver-route
+ namespace: network
+spec:
+ host: pxeboot.apps.cluster.local
+ port:
+ targetPort: 3000
+ tls:
+ termination: edge
+ to:
+ kind: Service
+ name: svc-pxe-bootserver
+ weight: 100
+ wildcardPolicy: None
From eabe97ed7028c0bf04483a8edebc4b3a56b99526 Mon Sep 17 00:00:00 2001
From: EHerzog76
Date: Fri, 6 Dec 2024 16:32:20 +0100
Subject: [PATCH 10/30] Create pxe-bootserver-conf.yaml
---
 kubernetes/pxe-bootserver-conf.yaml | 73 +++++++++++++++++++++++++++++
 1 file changed, 73 insertions(+)
 create mode 100644 kubernetes/pxe-bootserver-conf.yaml
diff --git a/kubernetes/pxe-bootserver-conf.yaml b/kubernetes/pxe-bootserver-conf.yaml
new file mode 100644
index 0000000..92fa3ef
--- /dev/null
+++ b/kubernetes/pxe-bootserver-conf.yaml
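Review bot: The Route publishes `targetPort: 3000`, the port the Service of patch 08/30 names `http-admin-port`, behind edge TLS with no authentication visible anywhere in the series, so as far as these manifests show every client that can reach `pxeboot.apps.cluster.local` gets the netboot.xyz web app without a login, and that app manages the menus every PXE client executes. Unless the app enforces its own login (not shown here), put an authenticating proxy in front of it or limit the Route to the admin network, and record that in a comment, e.g. `# port 3000 is the admin UI: front it with oauth-proxy or restrict access before exposing`.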
@@ -0,0 +1,73 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: pxe-bootserver-conf
+ namespace: network
+data:
+ supervisor.conf: |+
+ [supervisord]
+ nodaemon=true
+ user=root
+ logfile=/config/supervisord.log
+
+ [program:syslog-ng]
+ command=/usr/sbin/syslog-ng --foreground --no-caps
+ stdout_syslog=true
+ stdout_capture_maxbytes=1MB
+ priority = 1
+
+ [program:nginx]
+ command = /usr/sbin/nginx -c /config/nginx/nginx.conf -e /config/log/nginx/error.log
+ startretries = 2
+ daemon=off
+ priority = 2
+
+ [program:webapp]
+ environment=NODE_ENV="production",PORT=%(ENV_WEB_APP_PORT)s
+ command=/usr/bin/node app.js
+ user=nbxyz
+ directory=/app
+ priority = 3
+
+ [program:dnsmasq]
+ command=/usr/sbin/dnsmasq --port=0 --keep-in-foreground --pid-file=/config/tmp/dnsmasq.pid --enable-tftp --user=nbxyz --tftp-secure --tftp-root=/config/menus %(ENV_TFTPD_OPTS)s
+ stdout_logfile=/config/tftpd.log
+ redirect_stderr=true
+ priority = 4
+
+ [program:messages-log]
+ command=tail -f /var/log/messages
+ stdout_logfile=/dev/stdout
+ stdout_logfile_maxbytes=0
+ nginx.conf: |+
+ user nbxyz;
+ worker_processes 4;
+ pid /config/tmp/nginx.pid;
+ include /etc/nginx/modules/*.conf;
+
+ events {
+ worker_connections 1024;
+ }
+
+ http {
+ sendfile on;
+ tcp_nopush on;
+ tcp_nodelay on;
+ keepalive_timeout 65;
+ types_hash_max_size 2048;
+ client_max_body_size 1m;
+ include /etc/nginx/mime.types;
+ default_type application/octet-stream;
+ access_log /config/log/nginx/access.log;
+ error_log /config/log/nginx/error.log;
+ # Temporary directories for kubernetes "readonlyfilesystem"
+ client_body_temp_path /config/tmp/nginx/client-body;
+ proxy_temp_path /config/tmp/nginx/proxy;
+ fastcgi_temp_path /config/tmp/nginx/fastcgi;
+ uwsgi_temp_path /config/tmp/nginx/uwsgi;
+ scgi_temp_path /config/tmp/nginx/scgi;
+ gzip on;
+ gzip_disable "msie6";
+ include /config/nginx/site-confs/*;
+ }
+ daemon off;
From 99133877f5b058f2d2dd83474448501b597dde55 Mon Sep 17 00:00:00 2001
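Review bot: The `[supervisord]` section moves `logfile` to /config but not the pid file, and the log pasted into the readme in patch 13/30 shows the consequence under the read-only root filesystem: `CRIT could not write pidfile /supervisord.pid`; add `pidfile=/config/tmp/supervisord.pid` next to `logfile=`. The same log shows `syslog-ng` and `messages-log` restarting until FATAL, presumably because /var/log is not writable or /var/log/messages never appears in that setup (I cannot confirm the cause from here), so those two programs should be dropped from this copy or pointed at a writable path rather than documented as known bugs. This ConfigMap also duplicates root/etc/supervisor.conf and root/defaults/nginx.conf nearly verbatim, and patches 17 and 18 already had to edit both copies; a comment `# copied from root/etc/supervisor.conf - keep in sync` at the top of each key would at least make the duplication explicit.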
From: EHerzog76
Date: Fri, 6 Dec 2024 16:32:58 +0100
Subject: [PATCH 11/30] Create pvc.yaml
---
 kubernetes/pvc.yaml | 13 +++++++++++++
 1 file changed, 13 insertions(+)
 create mode 100644 kubernetes/pvc.yaml
diff --git a/kubernetes/pvc.yaml b/kubernetes/pvc.yaml
new file mode 100644
index 0000000..4664267
--- /dev/null
+++ b/kubernetes/pvc.yaml
@@ -0,0 +1,13 @@
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+ name: pxe-bootserver-data-pvc
+ namespace: network
+spec:
+ accessModes:
+ - ReadWriteOnce
+ resources:
+ requests:
+ storage: 20Gi
+ storageClassName: rook-cephfs
+ volumeMode: Filesystem
From 2d535ca2822a881deef1a750ed7837952630ee79 Mon Sep 17 00:00:00 2001
From: EHerzog76
Date: Fri, 6 Dec 2024 16:33:37 +0100
Subject: [PATCH 12/30] Create pvc-config.yaml
---
 kubernetes/pvc-config.yaml | 13 +++++++++++++
 1 file changed, 13 insertions(+)
 create mode 100644 kubernetes/pvc-config.yaml
diff --git a/kubernetes/pvc-config.yaml b/kubernetes/pvc-config.yaml
new file mode 100644
index 0000000..5e3aa46
--- /dev/null
+++ b/kubernetes/pvc-config.yaml
@@ -0,0 +1,13 @@
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+ name: pxe-bootserver-config-pvc
+ namespace: network
+spec:
+ accessModes:
+ - ReadWriteOnce
+ resources:
+ requests:
+ storage: 100Mi
+ storageClassName: rook-cephfs
+ volumeMode: Filesystem
From 28cffaed216149ec2bdd744c3ba52476a1c0cb5c Mon Sep 17 00:00:00 2001
From: EHerzog76
Date: Fri, 6 Dec 2024 16:49:46 +0100
Subject: [PATCH 13/30] Update readme.md
---
 k
ubernetes/readme.md | 90 ++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 90 insertions(+)
diff --git a/kubernetes/readme.md b/kubernetes/readme.md
index 07e7ee0..8ed545c 100644
--- a/kubernetes/readme.md
+++ b/kubernetes/readme.md
@@ -1 +1,91 @@
 # Kubernetes Deployment example
+This is an example of one possibilty how to deploy netboot.xyz to a OKD/OpenShift cluster.
+You can also use it for a Kubernetes cluster, but in this case you will add your ingress configuration instead of the route.
+
+## Edit PVC config
+First edit both pvc (pvc.yaml and pvc-config.yaml) configs, so that they reference your storage-class.
+
+## Edit Route config (for OKD/OpenShift)
+Edit the host to your needs.
+```
+spec:
+ host: pxeboot.apps.cluster.local
+```
+
+## Optional edit PXE-Bootserver-Conf
+Optionaly you can edit the pxe-bootserver-conf.yaml for your needs.
+
+## Deploy to Kubernetes or OKD/OpenShift
+### create a namespace
+```
+kubectl create ns pxeboot
+```
+### deploy
+```
+kubectl -n pxeboot apply -f pvc.yaml
+kubectl -n pxeboot apply -f pvc-config.yaml
+kubectl -n pxeboot apply -f pxe-bootserver-conf.yaml
+kubectl -n pxeboot apply -f serviceaccount.yaml
+kubectl -n pxeboot apply -f deployment.yaml
+kubectl -n pxeboot apply -f route.yaml
+kubectl -n pxeboot apply -f service.yaml
+```
+
+## Check if netboot.xyz is running
+### Check Deployment, Service and Pod
+```
+kubectl -n pxeboot get all
+
+NAME READY STATUS RESTARTS AGE
+pod/pxe-bootserver-ds-5559fd7-4ncjb 1/1 Running 0 2d23h
+
+NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
+service/svc-pxe-bootserver ClusterIP 172.30.255.66 80/TCP,3000/TCP,69/UDP 11d
+
+NAME READY UP-TO-DATE AVAILABLE AGE
+deployment.apps/pxe-bootserver-ds 1/1 1 1 3d7h
+
+NAME DESIRED CURRENT READY AGE
+replicaset.apps/pxe-bootserver-ds-5559fd7 1 1 1 2d23h
+
+NAME HOST/PORT PATH SERVICES PORT TERMINATION WILDCARD
+route.route.openshift.io/pxe-bootserver-route pxeboot.apps.cluster.local svc-pxe-bootserver 3000 edge None
+```
+### Check the logs of the Pod
+```
+kubectl -n pxeboot logs pxe-bootserver-ds-5559fd7-4ncjb
+
+chown: /config/nginx/nginx.conf: Read-only file system
+ _ _ _
+ _ __ ___| |_| |__ ___ ___ | |_ __ ___ _ ____
+| '_ \ / _ \ __| '_ \ / _ \ / _ \| __| \ \/ / | | 
|_ /
+| | | | __/ |_| |_) | (_) | (_) | |_ _ > <| |_| |/ /
+|_| |_|\___|\__|_.__/ \___/ \___/ \__(_)_/\_\__, /___|
+ |___/
+2024-12-03 16:40:33,309 INFO Set uid to user 0 succeeded
+2024-12-03 16:40:33,322 CRIT could not write pidfile /supervisord.pid
+2024-12-03 16:40:34,326 INFO spawned: 'syslog-ng' with pid 13
+2024-12-03 16:40:34,330 INFO spawned: 'nginx' with pid 14
+2024-12-03 16:40:34,333 INFO spawned: 'webapp' with pid 15
+2024-12-03 16:40:34,336 INFO spawned: 'dnsmasq' with pid 16
+2024-12-03 16:40:34,340 INFO spawned: 'messages-log' with pid 17
+2024-12-03 16:40:34,348 WARN exited: messages-log (exit status 1; not expected)
+2024-12-03 16:40:34,367 WARN exited: syslog-ng (exit status 2; not expected)
+2024-12-03 16:40:35,714 INFO spawned: 'syslog-ng' with pid 28
+2024-12-03 16:40:35,715 INFO success: nginx entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)
+2024-12-03 16:40:35,715 INFO success: webapp entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)
+2024-12-03 16:40:35,715 INFO success: dnsmasq entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)
+2024-12-03 16:40:35,718 INFO spawned: 'messages-log' with pid 29
+2024-12-03 16:40:35,726 WARN exited: messages-log (exit status 1; not expected)
+2024-12-03 16:40:35,754 WARN exited: syslog-ng (exit status 2; not expected)
+2024-12-03 16:40:37,760 INFO spawned: 'syslog-ng' with pid 30
+2024-12-03 16:40:37,763 INFO spawned: 'messages-log' with pid 31
+2024-12-03 16:40:37,771 WARN exited: messages-log (exit status 1; not expected)
+2024-12-03 16:40:37,802 WARN exited: syslog-ng (exit status 2; not expected)
+2024-12-03 16:40:40,938 INFO spawned: 'syslog-ng' with pid 36
+2024-12-03 16:40:40,941 INFO spawned: 'messages-log' with pid 37
+2024-12-03 16:40:40,950 WARN exited: messages-log (exit status 1; not expected)
+2024-12-03 16:40:40,950 INFO gave up: messages-log entered FATAL state, too many start retries too quickly
+2024-12-03 
16:40:40,981 WARN exited: syslog-ng (exit status 2; not expected)
+2024-12-03 16:40:41,983 INFO gave up: syslog-ng entered FATAL state, too many start retries too quickly
+```
From 9bfda038bd24d902cb32a2d3caa7682e8a2ab4e0 Mon Sep 17 00:00:00 2001
From: EHerzog76
Date: Fri, 6 Dec 2024 16:53:10 +0100
Subject: [PATCH 14/30] Update readme.md
---
 kubernetes/readme.md | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/kubernetes/readme.md b/kubernetes/readme.md
index 8ed545c..0c22d4b 100644
--- a/kubernetes/readme.md
+++ b/kubernetes/readme.md
@@ -55,7 +55,6 @@ route.route.openshift.io/pxe-bootserver-route pxeboot.apps.cluster.local
 ```
 kubectl -n pxeboot logs pxe-bootserver-ds-5559fd7-4ncjb
-chown: /config/nginx/nginx.conf: Read-only file system
 _ _ _ _ __ ___| |_| |__ ___ ___ | |_ __ ___ _ ____ | '_ \ / _ \ __| '_ \ / _ \ / _ \| __| \ \/ / | | |_ /
@@ -89,3 +88,8 @@ chown: /config/nginx/nginx.conf: Read-only file system
 2024-12-03 16:40:40,981 WARN exited: syslog-ng (exit status 2; not expected)
 2024-12-03 16:40:41,983 INFO gave up: syslog-ng entered FATAL state, too many start retries too quickly
 ```
+In the current version we have 2 bugs, which have no impact for the netboot.xyz server.
+```
+syslog-ng must be reconfigured or have to be removed
+messages-log must be reconfigured or have to be removed
+```
From 64b2beefaad7e9f48c285d84b4b1d1458205e9ed Mon Sep 17 00:00:00 2001
From: EHerzog76
Date: Fri, 6 Dec 2024 17:08:38 +0100
Subject: [PATCH 15/30] Update deployment.yaml
---
 kubernetes/deployment.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/kubernetes/deployment.yaml b/kubernetes/deployment.yaml
index 38d5801..13f9aa7 100644
--- a/kubernetes/deployment.yaml
+++ b/kubernetes/deployment.yaml
@@ -17,7 +17,7 @@ spec:
 app: pxe-bootserver
 spec:
 #securityContext:
- #runAsUser: 1001
+ #runAsUser: 1011
 #runAsGroup: 1000
 containers:
 - name: pxe-bootserver
From c002518ad9380f98ea87cf25c7abd2ff08153600 Mon Sep 17 00:00:00 2001
From: EHerzog76
Date: Sun, 8 Dec 2024 16:34:56 +0100
Subject: [PATCH 16/30] Update service.yaml
---
 kubernetes/service.yaml | 64 ++++++++++++++++++++++++++++++++++++++++-
 1 file changed, 63 insertions(+), 1 deletion(-)
diff --git a/kubernetes/service.yaml b/kubernetes/service.yaml
index c88886a..63ced46 100644
--- a/kubernetes/service.yaml
+++ b/kubernetes/service.yaml
@@ -5,7 +5,9 @@ metadata:
 name: svc-pxe-bootserver
 namespace: network
 spec:
- internalTrafficPolicy: Cluster
+ externalTrafficPolicy: Local
+ internalTrafficPolicy: Local
+ #internalTrafficPolicy: Cluster
 ipFamilies:
 - IPv4
 ipFamilyPolicy: SingleStack
@@ -22,6 +24,66 @@ spec:
 port: 69
 protocol: UDP
 targetPort: 69
+ - name: tftp-port-1025
+ port: 1025
+ protocol: UDP
+ targetPort: 1025
+ - name: tftp-port-1026
+ port: 1026
+ protocol: UDP
+ targetPort: 1026
+ - name: tftp-port-1027
+ port: 1027
+ protocol: UDP
+ targetPort: 1027
+ - name: tftp-port-1028
+ port: 1028
+ protocol: UDP
+ targetPort: 1028
+ - name: tftp-port-1029
+ port: 1029
+ protocol: UDP
+ targetPort: 1029
+ - name: tftp-port-1030
+ port: 1030
+ protocol: UDP
+ targetPort: 1030
+ - name: tftp-port-1031
+ port: 1031
+ protocol: UDP
+ targetPort: 1031
+ - name: tftp-port-1032
+ port: 1032
+ protocol: UDP
+ targetPort: 1032
+ - name: tftp-port-1033
+ port: 1033
+ protocol: UDP
+ targetPort: 1033
+ - name: tftp-port-1034
+ port: 1034
+ protocol: UDP
+ targetPort: 1034
+ - name: tftp-port-1035
+ port: 1035
+ protocol: UDP
+ targetPort: 1035
+ - name: tftp-port-1036
+ port: 1036
+ protocol: UDP
+ targetPort: 1036
+ - name: tftp-port-1037
+ port: 1037
+ protocol: UDP
+ targetPort: 1037
+ - name: tftp-port-1038
+ port: 1038
+ protocol: UDP
+ targetPort: 1038
+ - name: tftp-port-1039
+ port: 1039
+ protocol: UDP
+ targetPort: 1039
 selector:
 app: pxe-bootserver
 sessionAffinity: ClientIP
From e1745356d36e34f1168ef6f25e57f7103c3bc8c6 Mon Sep 17 00:00:00 2001
From: EHerzog76
Date: Sun, 8 Dec 2024 16:48:05 +0100
Subject: [PATCH 17/30] Update supervisor.conf
Specify TFTP port-range and max. connections
---
 root/etc/supervisor.conf | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/root/etc/supervisor.conf b/root/etc/supervisor.conf
index e7d26a6..67dec6b 100644
--- a/root/etc/supervisor.conf
+++ b/root/etc/supervisor.conf
@@ -22,7 +22,7 @@ directory=/app
 priority = 3
 [program:dnsmasq]
-command=/usr/sbin/dnsmasq --port=0 --keep-in-foreground --pid-file=/config/tmp/dnsmasq.pid --enable-tftp --user=nbxyz --tftp-secure --tftp-root=/config/menus %(ENV_TFTPD_OPTS)s
+command=/usr/sbin/dnsmasq --port=0 --keep-in-foreground --pid-file=/config/tmp/dnsmasq.pid --enable-tftp --user=nbxyz --tftp-secure --tftp-max=15 --tftp-port-range=1025,1039 --tftp-root=/config/menus %(ENV_TFTPD_OPTS)s
 stdout_logfile=/config/tftpd.log
 redirect_stderr=true
 priority = 4
From bc6c952a7269e7fa1d9c3ae1805b02ef419a3e96 Mon Sep 17 00:00:00 2001
From: EHerzog76
Date: Sun, 8 Dec 2024 16:48:31 +0100
Subject: [PATCH 18/30] Update pxe-bootserver-conf.yaml
---
 kubernetes/pxe-bootserver-conf.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/kubernetes/pxe-bootserver-conf.yaml b/kubernetes/pxe-bootserver-conf.yaml
index 92fa3ef..0f53e13 100644
--- a/kubernetes/pxe-bootserver-conf.yaml
+++ b/kubernetes/pxe-bootserver-conf.yaml
@@ -30,7 +30,7 @@ data:
 priority = 3
 [program:dnsmasq]
- command=/usr/sbin/dnsmasq --port=0 --keep-in-foreground --pid-file=/config/tmp/dnsmasq.pid --enable-tftp --user=nbxyz --tftp-secure --tftp-root=/config/menus %(ENV_TFTPD_OPTS)s
+ command=/usr/sbin/dnsmasq --port=0 --keep-in-foreground --pid-file=/config/tmp/dnsmasq.pid --enable-tftp --user=nbxyz --tftp-secure --tftp-max=15 --tftp-port-range=1025,1039 --tftp-root=/config/menus %(ENV_TFTPD_OPTS)s
 stdout_logfile=/config/tftpd.log
 redirect_stderr=true
 priority = 4
From 61cf35acea89d769ff308880e032d48283a1f4ce Mon Sep 17 00:00:00 2001
From: EHerzog76
Date: Sun, 8 Dec 2024 16:52:28 +0100
Subject: [PATCH 19/30] Update deployment.yaml
Allow to bind to UDP 69 => NET_BIND_SERVICE
---
 kubernetes/deployment.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/kubernetes/deployment.yaml b/kubernetes/deployment.yaml
index 13f9aa7..7029ee7 100644
--- a/kubernetes/deployment.yaml
+++ b/kubernetes/deployment.yaml
@@ -72,7 +72,7 @@ spec:
 restartPolicy: Always
 securityContext:
 capabilities:
- add: ["CHOWN"]
+ add: ["CHOWN", "NET_BIND_SERVICE"]
 seccompProfile:
 type: RuntimeDefault
 serviceAccount: pxebootserver-sa
From c9da43995bf21f801906a23d2ca08ca2ae380a43 Mon Sep 17 00:00:00 2001
From: EHerzog76
Date: Mon, 9 Dec 2024 12:29:20 +0100
Subject: [PATCH 20/30] Update deployment.yaml
---
 kubernetes/deployment.yaml | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/kubernetes/deployment.yaml b/kubernetes/deployment.yaml
index 7029ee7..bb9d737 100644
--- a/kubernetes/deployment.yaml
+++ b/kubernetes/deployment.yaml
@@ -19,6 +19,8 @@ spec:
 #securityContext:
 #runAsUser: 1011
 #runAsGroup: 1000
+ hostname: tftp
+ subdomain: svc-pxeboot
 containers:
 - name: pxe-bootserver
 image: ghcr.io/netbootxyz/netbootxyz
From 5bd98d580a1b55c0205e0c8e0940e4990af43852 Mon Sep 17 00:00:00 2001
From: EHerzog76
Date: Mon, 9 Dec 2024 12:31:18 +0100
Subject: [PATCH 21/30] Update service.yaml
---
 kubernetes/service.yaml | 86 +++++++++++------------------------------
 1 file changed, 22 insertions(+), 64 deletions(-)
diff --git a/kubernetes/service.yaml b/kubernetes/service.yaml
index 63ced46..0f4b487 100644
--- a/kubernetes/service.yaml
+++ b/kubernetes/service.yaml
@@ -5,9 +5,9 @@ metadata:
 name: svc-pxe-bootserver
 namespace: network
 spec:
- externalTrafficPolicy: Local
- internalTrafficPolicy: Local
- #internalTrafficPolicy: Cluster
+ #externalTrafficPolicy: Local
+ #internalTrafficPolicy: Local
+ internalTrafficPolicy: Cluster
 ipFamilies:
 - IPv4
 ipFamilyPolicy: SingleStack
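Review bot: `hostname: tftp` with `subdomain: svc-pxeboot` in patch 20/30 only gets a pod A record from cluster DNS under the Kubernetes DNS specification when a headless Service (`clusterIP: None`) named `svc-pxeboot` exists in the namespace; the `svc-pxeboot` created in patch 21/30 is a NodePort Service, so whether `tftp.svc-pxeboot.network.svc.cluster.local` resolves depends on the DNS implementation rather than on these manifests. The readme's DHCP option 66 value `tftp.svc-pxeboot.network.cluster.local` (patch 23/30) also lacks the `svc` label and, more importantly, is a cluster-internal name that PXE firmware on the boot network cannot resolve; option 66 has to carry a node or load-balancer IP reachable from that network. If the name is meant for in-cluster use only, a comment `# requires a headless Service named svc-pxeboot for the pod DNS record` above `hostname:` would record the dependency.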
@@ -20,71 +20,29 @@ spec:
 port: 3000
 protocol: TCP
 targetPort: 3000
+ selector:
+ app: pxe-bootserver
+ sessionAffinity: ClientIP
+ type: ClusterIP
+---
+apiVersion: v1
+kind: Service
+metadata:
+ labels:
+ name: svc-pxeboot
+ namespace: network
+spec:
+ #externalTrafficPolicy: Local
+ internalTrafficPolicy: Local
+ ipFamilies:
+ - IPv4
+ ipFamilyPolicy: SingleStack
+ ports:
 - name: tftp-port
 port: 69
 protocol: UDP
 targetPort: 69
- - name: tftp-port-1025
- port: 1025
- protocol: UDP
- targetPort: 1025
- - name: tftp-port-1026
- port: 1026
- protocol: UDP
- targetPort: 1026
- - name: tftp-port-1027
- port: 1027
- protocol: UDP
- targetPort: 1027
- - name: tftp-port-1028
- port: 1028
- protocol: UDP
- targetPort: 1028
- - name: tftp-port-1029
- port: 1029
- protocol: UDP
- targetPort: 1029
- - name: tftp-port-1030
- port: 1030
- protocol: UDP
- targetPort: 1030
- - name: tftp-port-1031
- port: 1031
- protocol: UDP
- targetPort: 1031
- - name: tftp-port-1032
- port: 1032
- protocol: UDP
- targetPort: 1032
- - name: tftp-port-1033
- port: 1033
- protocol: UDP
- targetPort: 1033
- - name: tftp-port-1034
- port: 1034
- protocol: UDP
- targetPort: 1034
- - name: tftp-port-1035
- port: 1035
- protocol: UDP
- targetPort: 1035
- - name: tftp-port-1036
- port: 1036
- protocol: UDP
- targetPort: 1036
- - name: tftp-port-1037
- port: 1037
- protocol: UDP
- targetPort: 1037
- - name: tftp-port-1038
- port: 1038
- protocol: UDP
- targetPort: 1038
- - name: tftp-port-1039
- port: 1039
- protocol: UDP
- targetPort: 1039
 selector:
 app: pxe-bootserver
 sessionAffinity: ClientIP
- type: ClusterIP
+ type: NodePort
From 73a220884c5b934574a604b4158365a353fb84ac Mon Sep 17 00:00:00 2001
From: EHerzog76
Date: Mon, 9 Dec 2024 12:40:14 +0100
Subject: [PATCH 22/30] Update readme.md
---
 kubernetes/readme.md | 20 ++++++++++++++++++++
 1 file changed, 20 insertions(+)
diff --git a/kubernetes/readme.md b/kubernetes/readme.md
index 0c22d4b..e05d0f6 100644
--- a/kubernetes/readme.md
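Review bot: `type: NodePort` on the new `svc-pxeboot` Service exposes UDP/69 on a high node port (the readme of patch 24/30 records `69:30936/UDP`), but PXE firmware always sends its first request to port 69 of the option-66 host and cannot be told to use 30936, so clients outside the cluster will not reach dnsmasq through this Service unless something not in these manifests forwards node UDP/69 to the NodePort. A `type: LoadBalancer` Service with `port: 69`, or a `hostPort: 69` on the container's tftp port with DHCP pointing at that node, would expose the port the firmware expects and would also avoid opening the NodePort on every node in the cluster. Either way, a comment on `type:` stating how UDP/69 is meant to reach the pod would save the next operator the same puzzle.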
+++ b/kubernetes/readme.md
@@ -1,11 +1,14 @@
 # Kubernetes Deployment example
+
 This is an example of one possibilty how to deploy netboot.xyz to a OKD/OpenShift cluster.
 You can also use it for a Kubernetes cluster, but in this case you will add your ingress configuration instead of the route.
 ## Edit PVC config
+
 First edit both pvc (pvc.yaml and pvc-config.yaml) configs, so that they reference your storage-class.
 ## Edit Route config (for OKD/OpenShift)
+
 Edit the host to your needs.
 ```
 spec:
@@ -13,14 +16,19 @@ spec:
 ```
 ## Optional edit PXE-Bootserver-Conf
+
 Optionaly you can edit the pxe-bootserver-conf.yaml for your needs.
 ## Deploy to Kubernetes or OKD/OpenShift
+
 ### create a namespace
+
 ```
 kubectl create ns pxeboot
 ```
+
 ### deploy
+
 ```
 kubectl -n pxeboot apply -f pvc.yaml
 kubectl -n pxeboot apply -f pvc-config.yaml
@@ -32,7 +40,9 @@ kubectl -n pxeboot apply -f service.yaml
 ```
 ## Check if netboot.xyz is running
+
 ### Check Deployment, Service and Pod
+
 ```
 kubectl -n pxeboot get all
@@ -51,7 +61,9 @@ replicaset.apps/pxe-bootserver-ds-5559fd7 1 1 1 2d
 NAME HOST/PORT PATH SERVICES PORT TERMINATION WILDCARD
 route.route.openshift.io/pxe-bootserver-route pxeboot.apps.cluster.local svc-pxe-bootserver 3000 edge None
 ```
+
 ### Check the logs of the Pod
+
 ```
 kubectl -n pxeboot logs pxe-bootserver-ds-5559fd7-4ncjb
@@ -93,3 +105,11 @@ In the current version we have 2 bugs, which have no impact for the netboot.xyz
 syslog-ng must be reconfigured or have to be removed
 messages-log must be reconfigured or have to be removed
 ```
+
+## DHCP-Options for TFTP
+
+This deployment will need the following DHCP-Options:
+- Option 66 Boot Server Hostname: tftp.svc-pxeboot.namespace.cluster.local
+- Option 67 Bootfile Name: netboot.xyz.efi (for UEFI-Boot)
+- Option 67 Bootfile Name: netboot.xyz-undionly.kpxe (for BIOS-Boot)
+
From 82a285be09cac6138a44c35b9738082e9d4b3f56 Mon Sep 17 00:00:00 2001
From: EHerzog76
Date: Mon, 9 Dec 2024 12:47:58 +0100
Subject: [PATCH 23/30] Update readme.md
---
 kubernetes/readme.md | 22 +++++++++++-----------
 1 file changed, 11 insertions(+), 11 deletions(-)
diff --git a/kubernetes/readme.md b/kubernetes/readme.md
index e05d0f6..3ef16ec 100644
--- a/kubernetes/readme.md
+++ b/kubernetes/readme.md
@@ -24,19 +24,19 @@ Optionaly you can edit the pxe-bootserver-conf.yaml for your needs.
 ### create a namespace
 ```
-kubectl create ns pxeboot
+kubectl create ns network
 ```
 ### deploy
 ```
-kubectl -n pxeboot apply -f pvc.yaml
-kubectl -n pxeboot apply -f pvc-config.yaml
-kubectl -n pxeboot apply -f pxe-bootserver-conf.yaml
-kubectl -n pxeboot apply -f serviceaccount.yaml
-kubectl -n pxeboot apply -f deployment.yaml
-kubectl -n pxeboot apply -f route.yaml
-kubectl -n pxeboot apply -f service.yaml
+kubectl -n network apply -f pvc.yaml
+kubectl -n network apply -f pvc-config.yaml
+kubectl -n network apply -f pxe-bootserver-conf.yaml
+kubectl -n network apply -f serviceaccount.yaml
+kubectl -n network apply -f deployment.yaml
+kubectl -n network apply -f route.yaml
+kubectl -n network apply -f service.yaml
 ```
 ## Check if netboot.xyz is running
@@ -44,7 +44,7 @@ kubectl -n pxeboot apply -f service.yaml
 ### Check Deployment, Service and Pod
 ```
-kubectl -n pxeboot get all
+kubectl -n network get all
 NAME READY STATUS RESTARTS AGE
 pod/pxe-bootserver-ds-5559fd7-4ncjb 1/1 Running 0 2d23h
@@ -65,7 +65,7 @@ route.route.openshift.io/pxe-bootserver-route pxeboot.apps.cluster.local
 ### Check the logs of the Pod
 ```
-kubectl -n pxeboot logs pxe-bootserver-ds-5559fd7-4ncjb
+kubectl -n network logs pxe-bootserver-ds-5559fd7-4ncjb
 _ _ _ _ __ ___| |_| |__ ___ ___ | |_ __ ___ _ ____ 
@@ -109,7 +109,7 @@ messages-log must be reconfigured or have to be removed
 ## DHCP-Options for TFTP
 This deployment will need the following DHCP-Options:
-- Option 66 Boot Server Hostname: tftp.svc-pxeboot.namespace.cluster.local
+- Option 66 Boot Server Hostname: tftp.svc-pxeboot.network.cluster.local
 - Option 67 Bootfile Name: netboot.xyz.efi (for UEFI-Boot)
 - Option 67 Bootfile Name: netboot.xyz-undionly.kpxe (for BIOS-Boot)
From 0ea0f3d586b75ed328c7f2904c048a72b6accc2f Mon Sep 17 00:00:00 2001
From: EHerzog76
Date: Mon, 9 Dec 2024 12:51:12 +0100
Subject: [PATCH 24/30] Update readme.md
---
 kubernetes/readme.md | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/kubernetes/readme.md b/kubernetes/readme.md
index 3ef16ec..9cb1a8c 100644
--- a/kubernetes/readme.md
+++ b/kubernetes/readme.md
@@ -49,8 +49,9 @@ kubectl -n network get all
 NAME READY STATUS RESTARTS AGE
 pod/pxe-bootserver-ds-5559fd7-4ncjb 1/1 Running 0 2d23h
-NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
-service/svc-pxe-bootserver ClusterIP 172.30.255.66 80/TCP,3000/TCP,69/UDP 11d
+NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
+service/svc-pxe-bootserver ClusterIP 10.20.255.66 80/TCP,3000/TCP 15d
+service/svc-pxeboot NodePort 10.20.255.51 69:30936/UDP 15d
 NAME READY UP-TO-DATE AVAILABLE AGE
 deployment.apps/pxe-bootserver-ds 1/1 1 1 3d7h
From d88a3ac33eee45c2701dfea850b79a7d28300db2 Mon Sep 17 00:00:00 2001
From: EHerzog76
Date: Mon, 9 Dec 2024 13:04:08 +0100
Subject: [PATCH 25/30] Update readme.md
---
 kubernetes/readme.md | 12 ++++++++++++
 1 file changed, 12 insertions(+)
diff --git a/kubernetes/readme.md b/kubernetes/readme.md
index 9cb1a8c..c3470e0 100644
--- a/kubernetes/readme.md
+++ b/kubernetes/readme.md
@@ -39,6 +39,18 @@ kubectl -n network apply -f route.yaml kubectl -n network apply -f service.yaml ``` +### CNI settings for the TFTP-Server + +Please notice the service configuration for the service: +- svc-pxboot +this is from **type: NodePort**. +This is important, because after a TFTP-client requests a file, +the TFTP-Server will initiate a new connection and send data back to the client over this new connection. +So you must configure your **CNI** to **not** use source nat (**SNAT**) for this connections ! +CNI configs: +- calico [SNAT-Config](https://docs.tigera.io/calico/latest/networking/configuring/workloads-outside-cluster) +- cilium [SNAT-Config](https://docs.cilium.io/en/stable/network/concepts/masquerading/) + ## Check if netboot.xyz is running ### Check Deployment, Service and Pod From f13c29f61d410a78147ccfca8cdb2255c8c28117 Mon Sep 17 00:00:00 2001 From: EHerzog76 Date: Mon, 9 Dec 2024 13:05:36 +0100 Subject: [PATCH 26/30] Update readme.md --- kubernetes/readme.md | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/kubernetes/readme.md b/kubernetes/readme.md index c3470e0..f796067 100644 --- a/kubernetes/readme.md +++ b/kubernetes/readme.md @@ -1,6 +1,6 @@ # Kubernetes Deployment example -This is an example of one possibilty how to deploy netboot.xyz to a OKD/OpenShift cluster. +This is an example of one possibilty how to deploy netboot.xyz to a OKD/OpenShift cluster. You can also use it for a Kubernetes cluster, but in this case you will add your ingress configuration instead of the route. ## Edit PVC config 
@@ -43,10 +43,10 @@ kubectl -n network apply -f service.yaml Please notice the service configuration for the service: - svc-pxboot -this is from **type: NodePort**. -This is important, because after a TFTP-client requests a file, -the TFTP-Server will initiate a new connection and send data back to the client over this new connection. -So you must configure your **CNI** to **not** use source nat (**SNAT**) for this connections ! +this is from **type: NodePort**. +This is important, because after a TFTP-client requests a file, +the TFTP-Server will initiate a new connection and send data back to the client over this new connection. +So you must configure your **CNI** to **not** use source nat (**SNAT**) for this connections ! CNI configs: - calico [SNAT-Config](https://docs.tigera.io/calico/latest/networking/configuring/workloads-outside-cluster) - cilium [SNAT-Config](https://docs.cilium.io/en/stable/network/concepts/masquerading/) From 650f1217a705924990d48d1e8b33d0f4981dedf4 Mon Sep 17 00:00:00 2001 From: EHerzog76 Date: Mon, 9 Dec 2024 13:07:31 +0100 Subject: [PATCH 27/30] Update readme.md --- kubernetes/readme.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/kubernetes/readme.md b/kubernetes/readme.md index f796067..a321862 100644 --- a/kubernetes/readme.md +++ b/kubernetes/readme.md 
@@ -46,7 +46,7 @@ Please notice the service configuration for the service: this is from **type: NodePort**. This is important, because after a TFTP-client requests a file, the TFTP-Server will initiate a new connection and send data back to the client over this new connection. -So you must configure your **CNI** to **not** use source nat (**SNAT**) for this connections ! +So you must configure your **CNI** **do not** use source nat (**SNAT**) for this connections ! CNI configs: - calico [SNAT-Config](https://docs.tigera.io/calico/latest/networking/configuring/workloads-outside-cluster) - cilium [SNAT-Config](https://docs.cilium.io/en/stable/network/concepts/masquerading/) From b380e9d80b6025686081b4db13c3fdc4ae1dda57 Mon Sep 17 00:00:00 2001 From: EHerzog76 Date: Mon, 9 Dec 2024 13:08:14 +0100 Subject: [PATCH 28/30] Update readme.md --- kubernetes/readme.md | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/kubernetes/readme.md b/kubernetes/readme.md index a321862..b83aeff 100644 --- a/kubernetes/readme.md +++ b/kubernetes/readme.md @@ -46,8 +46,10 @@ Please notice the service configuration for the service: this is from **type: NodePort**. This is important, because after a TFTP-client requests a file, the TFTP-Server will initiate a new connection and send data back to the client over this new connection. -So you must configure your **CNI** **do not** use source nat (**SNAT**) for this connections ! -CNI configs: +So you must configure your **CNI** **do not** use source nat (**SNAT**) for this connections ! + +#### CNI configs: + - calico [SNAT-Config](https://docs.tigera.io/calico/latest/networking/configuring/workloads-outside-cluster) - cilium [SNAT-Config](https://docs.cilium.io/en/stable/network/concepts/masquerading/) From 2657f995b284a8bd09e405765759e8e1879e5b06 Mon Sep 17 00:00:00 2001 
From: EHerzog76 Date: Mon, 9 Dec 2024 13:10:56 +0100 Subject: [PATCH 29/30] Update readme.md --- kubernetes/readme.md | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/kubernetes/readme.md b/kubernetes/readme.md index b83aeff..e163cd5 100644 --- a/kubernetes/readme.md +++ b/kubernetes/readme.md @@ -1,7 +1,10 @@ # Kubernetes Deployment example This is an example of one possibilty how to deploy netboot.xyz to a OKD/OpenShift cluster. -You can also use it for a Kubernetes cluster, but in this case you will add your ingress configuration instead of the route. +You can also use it for a Kubernetes cluster, but in this case you will add your ingress configuration instead of the route. +In this example we use: + cluster.local as the kubernetes cluster domain. + Please change it to your needs. ## Edit PVC config From 7b4aa9575b1b17fd2e46434682f3ec5712bbbd8b Mon Sep 17 00:00:00 2001 From: EHerzog76 Date: Mon, 9 Dec 2024 13:11:57 +0100 Subject: [PATCH 30/30] Update readme.md --- kubernetes/readme.md | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/kubernetes/readme.md b/kubernetes/readme.md index e163cd5..8daeced 100644 --- a/kubernetes/readme.md +++ b/kubernetes/readme.md @@ -2,9 +2,10 @@ This is an example of one possibilty how to deploy netboot.xyz to a OKD/OpenShift cluster. You can also use it for a Kubernetes cluster, but in this case you will add your ingress configuration instead of the route. + In this example we use: - cluster.local as the kubernetes cluster domain. - Please change it to your needs. + **cluster.local** as the kubernetes cluster domain. + **Please change it to your needs.** ## Edit PVC config